Two questions

[Laban]

Are there any avatar packages to get somewhere? It would take forever to download em all manually from the avatar page.

Is there a way to change the user-password encrytion thing? I mean how it's crypted. If I check into the database now, I can see the first 2-3 letters of the password. This is not good. I prefer using crypt($password,md5($username)) for my sites. That way even if the password is the same for two users, it won't show up as the same encrypted password. I like it that way.

[groundup]

http://yabb.da.ru/

in ur settings.php

[Laban]

uhm.... where do I change it? It's not in settings.php

[Jeff Lewis]

You have to change all the encryption inside the source.  So in Register.php, LogInOut.php, Reminder.php etc.

[Laban]

can't you make a encryption.php or something where it gets all encryption info from? So it would be easy to change if one wants to.

[Joseph Fung]

Yes, we are able to, but we didn't - so if you really want it changed, you'll have to go through the effort of doing so

Jeff, you also forgot Load.php specifically the LoadCookie and possibly LoadUserSettings functions.

Before you ask WHY we didn't pull the encryption out, there are 2 reasons.

a) this was a port from y1G and the excryption was forced in - it was not a planned feature, so we did what worked
b) encryption based on a substr($paswd,0,2) seed is as standard a password excryption algorithm as you're going to get.  That particular seed was selected to make it as easy as possible for developers to make their projects mesh with SE as easily as possible.

[Jeff Lewis]

Ah yes and Load.php